Like what you read and curious about the conversation? Visit CISO Perspectives to get further insights into this topic. CISO Perspectives is a weekly column and podcast where Kim Jones explores the evolving landscape of cybersecurity leadership, talent, and risk—because success in cybersecurity is about people, not just technology.
Fraud in a new world.
Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.
At 400 words, this briefing is about a 4-minute read.
Fraud in a new world.
Fraud has been a longstanding issue, one that has never been and will never be completely solved. However, like many other things, fraud is evolving as threat actors are leveraging new scams and new technologies. Whether it be exploiting cryptocurrencies or utilizing artificial intelligence (AI), threat actors are making scams more sophisticated than ever.
One emerging scam is pig-butchering scams. The California Department of Financial Protection and Innovation (DFPI) highlighted the dangers of these cryptocurrency scams. The DFPI noted that these scams typically begin by contacting a victim through a text messaging service, dating app, or social media site. Afterward, the scammer will spend weeks or months establishing a relationship with the victim before presenting investment opportunities related to cryptocurrency assets. If successful, the attacker will have the victim convert their cash into crypto and then have it transferred to a fraudulent platform.
To illustrate how successful and widespread these scams are, earlier in October, the Department of Justice (DOJ) was able to seize $15 billion in cryptocurrency harvested from “pig butchering” scams. Allegedly, these funds emanated from forced labor camps in Cambodia. This forfeiture action was the largest in the history of the DOJ.
These scams and similar ones have only been made more impactful with the introduction of AI. The World Economic Forum (WEF) commented on the dangers posed by fraudsters' adoption of generative AI. The WEF noted how with AI deepfake technology, criminals can “impersonate individuals’ appearances with deceptive accuracy, potentially bypassing verification systems and gaining access to sensitive resources.” Additionally, WEF emphasized that AI will also enable actors to exploit identity vulnerabilities at a significantly higher scale, especially in outdated systems.
Mitigating fraud.
To confront these threats, organizations need to adapt to this new paradigm. One solution is routine and continuous training for employees. Many organizations see training as a one-time solution; however, consistent training, done multiple times a year, has been shown to reduce breaches and mitigate some of the inherent human risks.
Beyond training, technical safeguards, such as multi-factor authentication, identity verification systems, and emerging fraud detection tools, can aid in these efforts. However, security leaders must recognize that no security measure will eliminate this risk. Rather, leaders should focus on reducing the likelihood of a successful breach while simultaneously preparing for it to inevitably occur. By assuming a breach will happen, organizations can create resilient recovery systems that allow them to respond quickly and minimize damage.